Applying An Ip Acl To The Loopback Interface - Dell Force10 S2410-01-10GE-24P Configuration Manual

SFTOS Configuration Guide

Figure 13-164. Example of Defining a Second IP ACL Rule
Force10 #config
Force10 (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Force10 (Config)#
3. Apply the ACL to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Figure 13-165. Example of Applying ACL Rule
Force10 (Config)#interface 1/0/2
Force10 (Interface 1/0/2)#ip access-group 101 in
Force10 (Interface 1/0/2)#exit

Applying an IP ACL to the Loopback Interface

A loopback ACL (added in SFTOS 2.5.1), often called a management VTY ACL, uses loopback interface 0 to protect access to switch management. For details on loopback interface commands, see the interface loopback command in the System Configuration Commands chapter of the SFTOS Command Reference.
Note: Loopback ACLs are supported only on ingress traffic. Only loopback interface 0 is supported as a loopback interface.
Applying a loopback interface IP ACL achieves the same results as applying specific ACLs onto all
ingress interfaces. The IP ACL targets and handles Layer 3 traffic destined to terminate on the system,
including routing protocols and remote access, SNMP, and ICMP. Effective filtering of Layer 3 traffic from
Layer 3 routers reduces the risk of attack.
IP ACLs assigned to loopback interface 0 affect the ACLs applied to all interfaces:
• When you apply an IP ACL to loopback interface 0, you are effectively applying it to all interfaces. Nevertheless, you can still remove it from an individual interface without affecting other interfaces. However, traffic bound to or from the management interface (or others) through this interface (the one from which the ACL is removed) will be affected.
• An ACL assigned to loopback interface 0 takes up one of the nine ACLs available to each interface. Removing the ACL from loopback interface 0 removes it from all interfaces. For example, if you have a 3-rule management ACL, then the available ACL rules on all interfaces are five + an implicit deny.
• An ACL applied to loopback interface 0 appears under the configuration for each interface in the running-config, not under loopback interface 0.
• You can remove an IP ACL from all interfaces to which it has been individually assigned by executing a no ip access-group command from Interface Loopback Config mode. For example, if ACL 1 is assigned to ports 1/0/2 and 1/0/4, executing the no ip access-group 1 command from Interface Loopback Config mode removes the ACL from those two ports.
• The priority assigned to the loopback ACL affects the order in which ACL rules are applied to interfaces. For example, if you assign priority 10 to the loopback ACL, and you assign priority 9 to ACL 1 assigned directly to a particular port, the rules in ACL 1 take precedence. (Priority 9 is higher than priority 10.)
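The behaviour described above (a loopback ACL effectively bound to every interface, removal from Interface Loopback Config mode removing it everywhere, the lower priority number evaluated first, and the implicit deny) as a small Python model. This is an added illustration, not SFTOS code; the Switch class, its method names, the tuple rule layout and the packet dictionary are constructed assumptions, and the rules reuse the ACL 101 and ACL 1 examples from this section.

```python
import ipaddress

# Constructed model of the SFTOS ACL semantics described above (not SFTOS code).
# Wildcard bits set to 1 are "don't care": "192.168.77.0 0.0.0.255" covers 192.168.77.0-255.
def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def rule_matches(rule: tuple, pkt: dict) -> bool:
    # rule = (action, proto, src, src_wildcard, dst, dst_wildcard); proto "ip" matches any
    _, proto, src, src_wc, dst, dst_wc = rule
    return (proto in ("ip", pkt["proto"])
            and wildcard_match(pkt["src"], src, src_wc)
            and wildcard_match(pkt["dst"], dst, dst_wc))

class Switch:
    def __init__(self):
        self.acls = {}       # acl_id -> [rule, ...]
        self.bindings = {}   # iface -> {acl_id: priority}  ("ip access-group N in")
        self.loopback = {}   # {acl_id: priority} applied via loopback interface 0
    def ip_access_group(self, iface: str, acl_id: int, priority: int) -> None:
        self.bindings.setdefault(iface, {})[acl_id] = priority
    def no_ip_access_group_loopback(self, acl_id: int) -> None:
        # "no ip access-group N" in Interface Loopback Config mode: removed from every port
        self.loopback.pop(acl_id, None)
        for acl_map in self.bindings.values():
            acl_map.pop(acl_id, None)
    def evaluate(self, iface: str, pkt: dict) -> str:
        # The loopback ACL is effectively bound to every interface. ACLs are walked in
        # priority order (9 before 10); a packet matching no rule hits the implicit deny.
        bound = dict(self.loopback)
        bound.update(self.bindings.get(iface, {}))
        for acl_id in sorted(bound, key=lambda a: (bound[a], a)):
            for rule in self.acls.get(acl_id, []):
                if rule_matches(rule, pkt):
                    return rule[0]
        return "deny"

def demo() -> dict:
    sw = Switch()
    sw.acls[101] = [("permit", "udp", "192.168.77.0", "0.0.0.255", "192.178.77.0", "0.0.0.255")]
    sw.acls[1] = [("deny", "udp", "192.168.77.0", "0.0.0.255", "0.0.0.0", "255.255.255.255")]
    sw.loopback[101] = 10                # management ACL via loopback 0 at priority 10
    sw.ip_access_group("1/0/2", 1, 9)    # ACL 1 at priority 9 outranks it on port 1/0/2 only
    pkt = {"proto": "udp", "src": "192.168.77.5", "dst": "192.178.77.9"}  # constructed packet
    out = {"1/0/2": sw.evaluate("1/0/2", pkt), "1/0/4": sw.evaluate("1/0/4", pkt)}
    sw.no_ip_access_group_loopback(101)  # removing it from loopback 0 removes it everywhere
    out["1/0/4 after removal"] = sw.evaluate("1/0/4", pkt)
    return out
```

Running demo() shows the same management packet denied on 1/0/2 (ACL 1 wins at priority 9), permitted on 1/0/4 (only the loopback ACL applies), and then denied on 1/0/4 by the implicit deny once the loopback ACL is removed.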
Access Control | 203
